Stella Ops UI Structure - Part 5: Route Summary & Observations


1. COMPLETE ROUTE TABLE

1.1 Home & Dashboard Routes

| Route | Component | Location | Guards |
|---|---|---|---|
| / | HomeDashboardComponent | features/home/ | requireAuthGuard |
| /welcome | WelcomePageComponent | features/welcome/ | - |
| /dashboard/sources | SourcesDashboardComponent | features/dashboard/ | - |

1.2 Analyze Routes

| Route | Component | Location | Guards |
|---|---|---|---|
| /findings | FindingsContainerComponent | features/findings/container/ | requireAuthGuard |
| /findings/:scanId | FindingsContainerComponent | features/findings/container/ | requireAuthGuard |
| /vulnerabilities | VulnerabilityExplorerComponent | features/vulnerabilities/ | requireAuthGuard |
| /vulnerabilities/:vulnId | VulnerabilityDetailComponent | features/vulnerabilities/ | requireAuthGuard |
| /graph | GraphExplorerComponent | features/graph/ | requireAuthGuard |
| /lineage | LineageGraphContainerComponent | features/lineage/components/ | requireAuthGuard |
| /lineage/:artifact/compare | LineageCompareComponent | features/lineage/components/ | requireAuthGuard |
| /lineage/compare | LineageCompareComponent | features/lineage/components/ | requireAuthGuard |
| /reachability | ReachabilityCenterComponent | features/reachability/ | requireAuthGuard |
| /admin/vex-hub | VexHubDashboardComponent | features/vex-hub/ | requireAuthGuard |
| /admin/vex-hub/search | VexStatementSearchComponent | features/vex-hub/ | requireAuthGuard |
| /admin/vex-hub/search/detail/:id | VexStatementDetailComponent | features/vex-hub/ | requireAuthGuard |
| /admin/vex-hub/stats | VexHubStatsComponent | features/vex-hub/ | requireAuthGuard |
| /admin/vex-hub/consensus | VexConsensusComponent | features/vex-hub/ | requireAuthGuard |
| /admin/vex-hub/explorer | VexHubComponent | features/vex-hub/ | requireAuthGuard |
| /analyze/unknowns | unknownsRoutes | features/unknowns-tracking/ | requireAuthGuard |
| /analyze/patch-map | PatchMapComponent | features/binary-index/ | requireAuthGuard |
| /scans/:scanId | ScanDetailPageComponent | features/scans/ | - |
| /compare/:currentId | CompareViewComponent | features/compare/components/ | requireAuthGuard |
| /cvss/receipts/:receiptId | CvssReceiptComponent | features/cvss/ | requireAuthGuard |

1.3 Triage Routes

| Route | Component | Location | Guards |
|---|---|---|---|
| /triage/artifacts | TriageArtifactsComponent | features/triage/ | requireAuthGuard |
| /triage/artifacts/:artifactId | TriageWorkspaceComponent | features/triage/ | requireAuthGuard |
| /triage/audit-bundles | TriageAuditBundlesComponent | features/triage/ | requireAuthGuard |
| /triage/audit-bundles/new | TriageAuditBundleNewComponent | features/triage/ | requireAuthGuard |
| /exceptions | TriageArtifactsComponent | features/triage/ | requireAuthGuard |
| /risk | RiskDashboardComponent | features/risk/ | requireAuthGuard |

1.4 Policy Routes

| Route | Component | Location | Guards |
|---|---|---|---|
| /policy-studio/packs | PolicyWorkspaceComponent | features/policy-studio/workspace/ | requirePolicyViewerGuard |
| /policy-studio/packs/:packId/editor | PolicyEditorComponent | features/policy-studio/editor/ | requirePolicyAuthorGuard |
| /policy-studio/packs/:packId/yaml | PolicyYamlEditorComponent | features/policy-studio/yaml/ | requirePolicyAuthorGuard |
| /policy-studio/packs/:packId/simulate | PolicySimulationComponent | features/policy-studio/simulation/ | requirePolicySimulatorGuard |
| /policy-studio/packs/:packId/approvals | PolicyApprovalsComponent | features/policy-studio/approvals/ | requirePolicyReviewOrApproveGuard |
| /policy-studio/packs/:packId/rules | PolicyRuleBuilderComponent | features/policy-studio/rule-builder/ | requirePolicyAuthorGuard |
| /policy-studio/packs/:packId/explain/:runId | PolicyExplainComponent | features/policy-studio/explain/ | requirePolicyViewerGuard |
| /policy-studio/packs/:packId/dashboard | PolicyDashboardComponent | features/policy-studio/dashboard/ | requirePolicyViewerGuard |
| /orchestrator | OrchestratorDashboardComponent | features/orchestrator/ | requireOrchViewerGuard |
| /orchestrator/jobs | OrchestratorJobsComponent | features/orchestrator/ | requireOrchViewerGuard |
| /orchestrator/jobs/:jobId | OrchestratorJobDetailComponent | features/orchestrator/ | requireOrchViewerGuard |
| /orchestrator/quotas | OrchestratorQuotasComponent | features/orchestrator/ | requireOrchOperatorGuard |

1.5 Ops Routes

| Route | Component | Location | Guards |
|---|---|---|---|
| /sbom-sources | SourcesListComponent | features/sbom-sources/components/ | requireAuthGuard |
| /sbom-sources/new | SourceWizardComponent | features/sbom-sources/components/ | requireAuthGuard |
| /sbom-sources/:id | SourceDetailComponent | features/sbom-sources/components/ | requireAuthGuard |
| /sbom-sources/:id/edit | SourceWizardComponent | features/sbom-sources/components/ | requireAuthGuard |
| /ops/quotas | quotaRoutes | features/quota-dashboard/ | requireAuthGuard |
| /ops/quotas/tenants | TenantQuotaTableComponent | features/quota-dashboard/ | requireAuthGuard |
| /ops/quotas/tenants/:tenantId | TenantQuotaDetailComponent | features/quota-dashboard/ | requireAuthGuard |
| /ops/quotas/throttle | ThrottleContextComponent | features/quota-dashboard/ | requireAuthGuard |
| /ops/quotas/alerts | QuotaAlertConfigComponent | features/quota-dashboard/ | requireAuthGuard |
| /ops/quotas/forecast | QuotaForecastComponent | features/quota-dashboard/ | requireAuthGuard |
| /ops/quotas/reports | QuotaReportExportComponent | features/quota-dashboard/ | requireAuthGuard |
| /ops/orchestrator/dead-letter | deadletterRoutes | features/deadletter/ | requireAuthGuard |
| /ops/orchestrator/slo | sloRoutes | features/slo-monitoring/ | requireAuthGuard |
| /ops/health | platformHealthRoutes | features/platform-health/ | requireAuthGuard |
| /ops/feeds | feedMirrorRoutes | features/feed-mirror/ | requireAuthGuard |
| /ops/feeds/mirror/:mirrorId | MirrorDetailComponent | features/feed-mirror/ | requireAuthGuard |
| /ops/feeds/airgap/import | AirgapImportComponent | features/feed-mirror/ | requireAuthGuard |
| /ops/feeds/airgap/export | AirgapExportComponent | features/feed-mirror/ | requireAuthGuard |
| /ops/feeds/version-locks | VersionLockComponent | features/feed-mirror/ | requireAuthGuard |
| /ops/offline-kit | offlineKitRoutes | features/offline-kit/ | requireAuthGuard |
| /ops/aoc | AOC_COMPLIANCE_ROUTES | features/aoc-compliance/ | requireAuthGuard |
| /ops/doctor | DOCTOR_ROUTES | features/doctor/ | requireAuthGuard |
| /scheduler | schedulerOpsRoutes | features/scheduler-ops/ | requireAuthGuard |
| /scheduler/runs | SchedulerRunsComponent | features/scheduler-ops/ | requireAuthGuard |
| /scheduler/schedules | ScheduleManagementComponent | features/scheduler-ops/ | requireAuthGuard |
| /scheduler/workers | WorkerFleetComponent | features/scheduler-ops/ | requireAuthGuard |

1.6 Notify Routes

| Route | Component | Location | Guards |
|---|---|---|---|
| /notify | NotifyPanelComponent | features/notify/ | - |

1.7 Admin Routes

| Route | Component | Location | Guards |
|---|---|---|---|
| /console/admin | consoleAdminRoutes | features/console-admin/ | requireAuthGuard + ui.admin |
| /console/admin/tenants | TenantsListComponent | features/console-admin/tenants/ | authority:tenants:read |
| /console/admin/users | UsersListComponent | features/console-admin/users/ | authority:users:read |
| /console/admin/roles | RolesListComponent | features/console-admin/roles/ | authority:roles:read |
| /console/admin/clients | ClientsListComponent | features/console-admin/clients/ | authority:clients:read |
| /console/admin/tokens | TokensListComponent | features/console-admin/tokens/ | authority:tokens:read |
| /console/admin/audit | AuditLogComponent | features/console-admin/audit/ | authority:audit:read |
| /console/admin/branding | BrandingEditorComponent | features/console-admin/branding/ | authority:branding:read |
| /admin/audit | auditLogRoutes | features/audit-log/ | requireAuthGuard |
| /admin/notifications | adminNotificationsRoutes | features/admin-notifications/ | requireAuthGuard |
| /admin/trust | trustAdminRoutes | features/trust-admin/ | requireAuthGuard + signer:read |
| /admin/policy/governance | policyGovernanceRoutes | features/policy-governance/ | requireAuthGuard |
| /admin/policy/simulation | policySimulationRoutes | features/policy-simulation/ | requireAuthGuard |
| /admin/registries | registryAdminRoutes | features/registry-admin/ | requireAuthGuard |
| /admin/issuers | issuerTrustRoutes | features/issuer-trust/ | requireAuthGuard |
| /ops/scanner | scannerOpsRoutes | features/scanner-ops/ | requireAuthGuard |
| /concelier/trivy-db-settings | TrivyDbSettingsPageComponent | features/trivy-db-settings/ | - |

1.8 Console Routes

| Route | Component | Location | Guards |
|---|---|---|---|
| /console/profile | ConsoleProfileComponent | features/console/ | - |
| /console/status | ConsoleStatusComponent | features/console/ | - |
| /console/configuration | CONFIGURATION_PANE_ROUTES | features/configuration-pane/ | requireAuthGuard |

1.9 Release Orchestrator Routes

| Route | Component | Location | Guards |
|---|---|---|---|
| /release-orchestrator | DASHBOARD_ROUTES | features/release-orchestrator/dashboard/ | requireAuthGuard |
| /release-orchestrator/environments | ENVIRONMENT_ROUTES | features/release-orchestrator/environments/ | requireAuthGuard |
| /release-orchestrator/releases | RELEASE_ROUTES | features/release-orchestrator/releases/ | requireAuthGuard |
| /release-orchestrator/workflows | WORKFLOW_ROUTES | features/release-orchestrator/workflows/ | requireAuthGuard |
| /release-orchestrator/approvals | APPROVAL_ROUTES | features/release-orchestrator/approvals/ | requireAuthGuard |
| /release-orchestrator/deployments | DEPLOYMENT_ROUTES | features/release-orchestrator/deployments/ | requireAuthGuard |
| /release-orchestrator/evidence | EVIDENCE_ROUTES | features/release-orchestrator/evidence/ | requireAuthGuard |

1.10 Evidence Routes

| Route | Component | Location | Guards |
|---|---|---|---|
| /evidence | evidenceExportRoutes | features/evidence-export/ | requireAuthGuard |
| /evidence/bundles | EvidenceBundlesComponent | features/evidence-export/ | requireAuthGuard |
| /evidence/export | ExportCenterComponent | features/evidence-export/ | requireAuthGuard |
| /evidence/replay | ReplayControlsComponent | features/evidence-export/ | requireAuthGuard |
| /evidence/provenance | ProvenanceVisualizationComponent | features/evidence-export/ | requireAuthGuard |
| /evidence-packs | EvidencePackListComponent | features/evidence-pack/ | requireAuthGuard |
| /evidence-packs/:packId | EvidencePackViewerComponent | features/evidence-pack/ | requireAuthGuard |
| /proofs/:subjectDigest | ProofChainComponent | features/proof-chain/ | requireAuthGuard |

1.11 Integration Routes

| Route | Component | Location | Guards |
|---|---|---|---|
| /integrations | integrationHubRoutes | features/integration-hub/ | requireAuthGuard |
| /integrations/registries | IntegrationListComponent | features/integration-hub/ | requireAuthGuard |
| /integrations/scm | IntegrationListComponent | features/integration-hub/ | requireAuthGuard |
| /integrations/ci | IntegrationListComponent | features/integration-hub/ | requireAuthGuard |
| /integrations/hosts | IntegrationListComponent | features/integration-hub/ | requireAuthGuard |
| /integrations/feeds | IntegrationListComponent | features/integration-hub/ | requireAuthGuard |
| /integrations/activity | IntegrationActivityComponent | features/integration-hub/ | requireAuthGuard |
| /integrations/:integrationId | IntegrationDetailComponent | features/integration-hub/ | requireAuthGuard |

1.12 Other Routes

| Route | Component | Location | Guards |
|---|---|---|---|
| /ai-runs | AiRunsListComponent | features/ai-runs/ | requireAuthGuard |
| /ai-runs/:runId | AiRunViewerComponent | features/ai-runs/ | requireAuthGuard |
| /change-trace | changeTraceRoutes | features/change-trace/ | requireAuthGuard |
| /setup | setupWizardRoutes | features/setup-wizard/ | - |
| /auth/callback | AuthCallbackComponent | features/auth/ | - |
| `**` | redirectTo: '' | - | - |

2. ROUTE COUNT SUMMARY

| Category | Route Count |
|---|---|
| Home & Dashboard | 3 |
| Analyze | 20 |
| Triage | 6 |
| Policy | 12 |
| Ops | 30+ |
| Notify | 1 |
| Admin | 17+ |
| Console | 3 |
| Release Orchestrator | 7 |
| Evidence | 8 |
| Integrations | 8 |
| Other | 5 |
| TOTAL | ~120+ routes |

3. OBSERVATIONS

3.1 Navigation Structure Observations

  1. 7 top-level navigation groups defined in navigation.config.ts:

    • HOME, ANALYZE, TRIAGE, POLICY, OPS, NOTIFY, ADMIN
  2. Deep nesting in OPS section: The Ops navigation group contains sub-items with their own children (e.g., Quotas has 6 sub-routes, SLO Monitoring has 3 sub-routes)

  3. Admin section size: Admin group contains 17+ items in the navigation configuration

  4. Inconsistent route prefixes:

    • VEX Hub is at /admin/vex-hub but shown in Analyze menu
    • Scanner Ops is at /ops/scanner but listed under Admin menu
    • Some scheduler routes are at /scheduler (not /ops/scheduler)

3.2 Feature Module Observations

  1. 77 feature directories under src/app/features/

  2. Duplicate/similar named modules:

    • evidence/ and evidence-export/ and evidence-pack/ and evidence-thread/
    • proof/ and proof-chain/ and proof-studio/ and proofs/
    • unknowns/ and unknowns-tracking/
    • integrations/ and integration-hub/
    • vex-hub/ and vex-studio/
    • triage/ and triage-inbox/
    • policy/ and policy-gates/ and policy-governance/ and policy-simulation/ and policy-studio/
  3. Orphaned/unused modules (exist as directories but not in main routes):

    • advisory-ai/
    • aoc/ (vs aoc-compliance/)
    • evidence/ (vs evidence-export/)
    • exceptions/ (route uses triage component)
    • integrations/ (vs integration-hub/)
    • opsmemory/
    • policy/ (vs policy-studio/)
    • proof/ (vs proof-chain/)
    • proofs/ (vs proof-chain/)
    • releases/ (vs release-orchestrator)
    • runs/
    • sbom/
    • scores/
    • secret-detection/
    • settings/
    • snapshot/
    • sources/
    • triage-inbox/
    • unknowns/ (vs unknowns-tracking/)
    • verdicts/
    • vex-studio/
    • vuln-explorer/ (vs vulnerabilities/)

3.3 Route Path Observations

  1. Mixed path conventions:

    • Some use /admin/ prefix: /admin/vex-hub, /admin/trust, /admin/audit
    • Some use /console/admin/: /console/admin/tenants, /console/admin/users
    • Some use /ops/: /ops/quotas, /ops/health, /ops/feeds
    • Some use root: /scheduler, /evidence, /integrations
  2. Inconsistent pluralization:

    • /vulnerabilities (plural) vs /risk (singular)
    • /findings (plural) vs /graph (singular)
    • /integrations (plural) vs /scheduler (singular)
  3. Deep routes:

    • /policy-studio/packs/:packId/explain/:runId - 5 segments
    • /admin/vex-hub/search/detail/:id - 5 segments
    • /ops/orchestrator/dead-letter/queue - 4 segments

3.4 Guard/Scope Observations

  1. Different guard patterns used:

    • requireAuthGuard - basic authentication
    • requireOrchViewerGuard - orchestrator read access
    • requireOrchOperatorGuard - orchestrator operator access
    • requirePolicyViewerGuard - policy read
    • requirePolicyAuthorGuard - policy authoring
    • requirePolicySimulatorGuard - policy simulation
    • requirePolicyReviewerGuard - policy review
    • requirePolicyApproverGuard - policy approval
    • requirePolicyReviewOrApproveGuard - either review or approve
  2. Scope-based access defined in navigation config:

    • graph:read for SBOM Graph
    • policy:author, policy:simulate, policy:review, policy:approve, policy:read
    • ui.admin for Admin section
  3. Some routes have no guards: /welcome, /notify, /scans/:scanId, /concelier/trivy-db-settings
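
A guard-coverage check for the observations in 3.4, as an added example that is not part of the Stella Ops code base: it walks a route tree and reports routes with no guard, plus routes under privileged prefixes that carry only requireAuthGuard. The RouteLike shape, the `scopes` field, the public-route allowlist and the privileged-prefix list are assumptions; the sample is a constructed subset of the tables in section 1.

```typescript
// Added example. RouteLike is a structural stand-in for an Angular Route:
// guards are name strings and `scopes` is a hypothetical field.
interface RouteLike {
  path: string;
  guards?: string[]; // names as listed in the Guards column
  scopes?: string[]; // e.g. "ui.admin", "signer:read"
  children?: RouteLike[];
}
interface Finding { path: string; issue: "no-guard" | "auth-only-privileged"; }

// Assumption: routes that must stay reachable before login.
const PUBLIC_ROUTES = new Set(["/welcome", "/auth/callback"]);
// Assumption: prefixes where authentication alone deserves a second look.
const PRIVILEGED_PREFIXES = ["/admin/", "/console/admin", "/ops/"];

// Walks the tree; children inherit the guards and scopes of their parents.
function auditRoutes(routes: RouteLike[], base = "",
                     parentGuards: string[] = [], parentScopes: string[] = []): Finding[] {
  const findings: Finding[] = [];
  for (const r of routes) {
    const path = `${base}/${r.path}`.replace(/\/+/g, "/");
    const guards = [...parentGuards, ...(r.guards ?? [])];
    const scopes = [...parentScopes, ...(r.scopes ?? [])];
    if (guards.length === 0 && scopes.length === 0) {
      if (!PUBLIC_ROUTES.has(path)) findings.push({ path, issue: "no-guard" });
    } else if (
      scopes.length === 0 &&
      guards.every((g) => g === "requireAuthGuard") &&
      PRIVILEGED_PREFIXES.some((p) => path.startsWith(p))
    ) {
      findings.push({ path, issue: "auth-only-privileged" });
    }
    findings.push(...auditRoutes(r.children ?? [], path, guards, scopes));
  }
  return findings;
}

// Constructed sample: a subset of the rows in section 1.
const SAMPLE: RouteLike[] = [
  { path: "welcome" },
  { path: "auth/callback" },
  { path: "notify" },
  { path: "scans/:scanId" },
  { path: "concelier/trivy-db-settings" },
  { path: "findings", guards: ["requireAuthGuard"] },
  { path: "orchestrator/quotas", guards: ["requireOrchOperatorGuard"] },
  { path: "admin/trust", guards: ["requireAuthGuard"], scopes: ["signer:read"] },
  { path: "admin/registries", guards: ["requireAuthGuard"] },
  { path: "console/admin", guards: ["requireAuthGuard"], scopes: ["ui.admin"],
    children: [{ path: "tenants", scopes: ["authority:tenants:read"] }] },
];

console.log(auditRoutes(SAMPLE));
```

Route guards in a single-page app only gate navigation, so each reported path should also be checked against the authorization enforced by the API behind it.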

3.5 Dashboard Screen Observations

Multiple dashboard screens exist across the application:

  1. Home Dashboard (/) - Security overview
  2. Orchestrator Dashboard (/orchestrator) - Job management
  3. Policy Dashboard (/policy-studio/packs/:packId/dashboard) - Per-pack metrics
  4. Quota Dashboard (/ops/quotas) - License/quota metrics
  5. Platform Health Dashboard (/ops/health) - Service health
  6. Feed Mirror Dashboard (/ops/feeds) - Feed sync status
  7. Offline Dashboard (/ops/offline-kit/dashboard) - Offline mode
  8. AOC Compliance Dashboard (/ops/aoc) - Compliance metrics
  9. Release Dashboard (/release-orchestrator) - Release pipeline
  10. VEX Hub Dashboard (/admin/vex-hub) - VEX statements
  11. Doctor Dashboard (/ops/doctor) - Diagnostics
  12. SLO Dashboard (/ops/orchestrator/slo) - SLO health
  13. Dead-Letter Dashboard (/ops/orchestrator/dead-letter) - Failed jobs
  14. Audit Dashboard (/admin/audit) - Audit overview
  15. Trust Dashboard (/admin/trust/keys) - Signing keys
  16. Sources Dashboard (/dashboard/sources) - SBOM sources

3.6 Configuration/Settings Screen Observations

Multiple locations for configuration:

  1. Setup Wizard (/setup) - Initial setup
  2. Configuration Pane (/console/configuration) - Integration config
  3. Integration Hub (/integrations) - Integration catalog
  4. Console Admin (/console/admin/*) - User/tenant/role management
  5. Trust Admin (/admin/trust) - Keys/certificates
  6. Registry Admin (/admin/registries) - Registry tokens
  7. Notification Admin (/admin/notifications) - Notification rules
  8. Policy Governance (/admin/policy/governance) - Policy config
  9. Scanner Ops (/ops/scanner/settings) - Scanner settings
  10. Quota Alert Config (/ops/quotas/alerts) - Alert thresholds
  11. SLO Definitions (/ops/orchestrator/slo/definitions) - SLO config
  12. Trivy DB Settings (/concelier/trivy-db-settings) - Trivy config

3.7 Evidence/Proof Screen Observations

Multiple locations for evidence-related functionality:

  1. Evidence Center (/evidence) - Bundles, export, replay, provenance
  2. Evidence Packs (/evidence-packs) - Pack list/viewer
  3. Proof Chain (/proofs/:subjectDigest) - Proof visualization
  4. Audit Bundles (/triage/audit-bundles) - Audit evidence
  5. Release Evidence (/release-orchestrator/evidence) - Release evidence

3.8 Shared Component Observations

Large number of shared components in src/app/shared/components/:

  • 100+ shared components
  • Mix of UI primitives (button, card, modal) and domain-specific (finding-detail, vex-status-chip)
  • Some components are highly specific (e.g., dsse-envelope-viewer, lattice-diagram)

3.9 Feature Overlap Observations

  1. Findings vs Triage: Both handle vulnerability findings with different workflows
  2. VEX Hub vs Triage VEX: VEX decisions can be made in both places
  3. Evidence in multiple places: Evidence features spread across 5 different feature modules
  4. Policy in multiple places: Policy features spread across 5 different feature modules
  5. Audit logs in multiple places: Console admin audit, unified audit log, trust audit, etc.

3.10 UI Pattern Observations

  1. Consistent patterns used:

    • Tab navigation within features
    • Slide-out detail panels
    • Data tables with filters and pagination
    • Status badges with color coding (🟢🟡🔴)
    • Skeleton loading states
  2. Dashboard card pattern: Used on home dashboard and several other dashboards

  3. Wizard pattern: Used in setup wizard, source wizard, key rotation wizard

  4. Split-pane pattern: Used in policy editor, triage workspace